Go Back   Access World Forums > Apps and Windows > Web Design and Development > ASP and ASP.NET

 
Reply
 
Thread Tools Rate Thread Display Modes
Old 01-20-2006, 08:40 AM   #1
david.brent
Registered User
 
Join Date: Aug 2004
Location: Liverpool UK
Posts: 57
Thanks: 0
Thanked 1 Time in 1 Post
david.brent is on a distinguished road
Damned Single Quote and SQL Server 2000

I know the single quote issue is well documented throughout t'internet but I can't find reference to my particular problem. I have also read up on SQL injection.

I have my data and stored procedure in an SQL 2000 database. I have an HTML page with 2 input boxes - 1 numeric and 1 text. The 2 boxes are intended as references. The can be used independantly and in conjunction. Everything is fine with the numeric box. The text one is a different matter.

Some of the references have a single quote in them. No problem just use Replace(string,"'","''"). Sadly this does not work for me. I get a record count of 0 and no records are returned. If I don't use Replace I get a record count of say 20 and a very strange table layout.

The first record is displayed as should be however, the rest of the records are just stuffed at the end of this record. The whole record doesn't show just the fields after the reference.

I am at a complete loss. Has anyone come across this proble before? I would be very grateful if you could give me your views/ideas on this.

Thank You.

david.brent is offline   Reply With Quote
Old 01-20-2006, 10:00 AM   #2
Kodo
"The Shoe"
 
Kodo's Avatar
 
Join Date: Jan 2004
Location: Syracuse NY
Posts: 707
Thanks: 0
Thanked 1 Time in 1 Post
Kodo is on a distinguished road
Send a message via MSN to Kodo
The apostrophe problem is only for inserts, not selects.
lets see your code and some sample data.
__________________
Message boards: The only place where multiple personality disorders are treated with a "welcome" post.
Kodo is offline   Reply With Quote
Old 01-23-2006, 09:11 AM   #3
david.brent
Registered User
 
Join Date: Aug 2004
Location: Liverpool UK
Posts: 57
Thanks: 0
Thanked 1 Time in 1 Post
david.brent is on a distinguished road
Sorted now thanks

I've sorted this out now. The last column in my html table is a hyperlink to another page. It has details of the references input by the user. This hyperlink was terminating at the single quote. As the references on the next page are for display only, I did a replace(string,"'","***") in the hypherlink and a replace(string,"***","'") on the next page. I know it's not elegent but it will do for now.

Thanks for the help (again) Kodo.

david.brent is offline   Reply With Quote
Reply

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Forum Jump




All times are GMT -8. The time now is 07:24 PM.


Microsoft Access Help
General
Tables
Queries
Forms
Reports
Macros
Modules & VBA
Theory & Practice
Access FAQs
Code Repository
Sample Databases
Video Tutorials

Sponsored Links

How to advertise

Media Kit


Powered by vBulletin®
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
(c) copyright 2017 Access World